.386
.model flat, stdcall
option casemap :none ; case sensitive
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib
.data
; Message-box captions. Both outcomes use the same caption text.
DbgNotFoundTitle BYTE "Debugger status:", 0
DbgFoundTitle    BYTE "Debugger status:", 0

; Message-box body texts.
; NOTE(review): DbgFoundText has no reference in the code visible on this
; page; the "found" message box shows szBuff instead.
DbgNotFoundText  BYTE "Debugger not found!", 0
DbgFoundText     BYTE "Debugger found!", 0

; Registry subkey (opened under HKEY_LOCAL_MACHINE) and the value name
; whose presence is used as the detection signal.
szSICEKey        BYTE "SOFTWARE\NuMega\DriverStudio", 0
szIsSICEKey      BYTE "InstallDir", 0

; Literal text "REG_SZ".
; NOTE(review): RegQueryValueEx reports the value type through an output
; DWORD pointer (lpType); a string like this one does not select a type.
szREGSZ          BYTE "REG_SZ", 0

.data?
; Receives the registry value data and is later displayed as message text.
; 256h is hexadecimal, i.e. 598 bytes.
szBuff           BYTE 256h dup(?)
; In/out byte count handed to RegQueryValueEx for szBuff.
lpcbData         DWORD ?
; NOTE(review): not referenced by the code visible on this page.
lpdwDisp         DWORD ?
; Receives the key handle written by RegOpenKeyEx.
hKey             DWORD ?
.code
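; ---------------------------------------------------------------------
; start - program entry point (Win32, 32-bit flat model, stdcall).
;
; Looks up the registry value
;     HKEY_LOCAL_MACHINE\SOFTWARE\NuMega\DriverStudio\InstallDir
; and reports in a message box whether it could be read.
;
; What the check does and does not prove: it only shows that this
; installation artifact exists in the registry. It does not show that a
; debugger is loaded or attached, and whoever can create or delete the
; key controls the outcome. Treat the result as a weak hint, never as
; the basis for a trust decision.
;
; Clobbers: EAX, ECX, EDX (volatile across the stdcall API calls).
; ---------------------------------------------------------------------
start:
    ; Only a read is performed, so ask for read access only. Requesting
    ; KEY_WRITE as well makes the open fail for unprivileged users even
    ; when the key exists, which would be reported as "not found".
    INVOKE RegOpenKeyEx, HKEY_LOCAL_MACHINE, addr szSICEKey, 0, KEY_READ, addr hKey
    TEST EAX, EAX
    JNZ @DebuggerNotFound               ; open failed: hKey is not a valid handle

    ; Offer one byte less than the buffer holds. Registry strings are not
    ; guaranteed to be NUL-terminated; szBuff lives in .data? (zero-filled
    ; at load), so the untouched last byte always terminates the text.
    MOV lpcbData, sizeof szBuff - 1

    ; lpType is an optional *output* DWORD pointer; NULL is passed because
    ; the type code is not used here.
    INVOKE RegQueryValueEx, hKey, addr szIsSICEKey, 0, 0, addr szBuff, addr lpcbData

    PUSH EAX                            ; keep the query status across RegCloseKey
    INVOKE RegCloseKey, hKey            ; release the handle on every path
    POP EAX

    TEST EAX, EAX                       ; ERROR_SUCCESS (0) => value was read
    JE @DebuggerDetected

@DebuggerNotFound:
    INVOKE MessageBox, 0, addr DbgNotFoundText, addr DbgNotFoundTitle, MB_ICONINFORMATION
    JMP @exit

@DebuggerDetected:
    ; The body text is the data read from the registry (the install path
    ; when the value is a string). The type is not checked, so a
    ; non-string value would be displayed as-is.
    INVOKE MessageBox, 0, addr szBuff, addr DbgFoundTitle, MB_ICONEXCLAMATION

@exit:
    INVOKE ExitProcess, 0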
end start